A Digital Rights Management Ecosystem Model

For the Education Community

Geoff Collier, Harry Piccariello and Robby Robson1

May 10, 2004

1 The Digital Rights Management Challenge .............................................................. 1

2 A Digital Rights Management Ecosystem Model ....................................................... 2
3 Applying the Model ............................................................................................. 4
3.1 Scenario 1 - Commercial Content .................................................................. 4
3.2 Scenario 2 – Sharing a Faculty-Developed Test Bank ....................................... 7
3.3 Scenario 3 – Community College Use of Video Materials ................................... 9
3.4 Scenario 4 - Rights Management for Catalog Records..................................... 12
4 Implementing DRM in an Ecosystem.................................................................... 15
4.1 The Rights Management Environment .......................................................... 15
4.2 Content Life Cycle ..................................................................................... 17
4.3 Tools and Applications Supporting the Content Life Cycle................................ 17
4.4 Rights Management Tools, Services and Standards ........................................ 19
5 Conclusion....................................................................................................... 22
6 References ...................................................................................................... 23

Permission is granted to copy and to distribute this paper provided that no alterations are
made, the paper is distributed in its entirety and copies are distributed at no cost.

1
Geoff Collier (gcollier@eduworks.com) is a senior partner at Eduworks Corporation and has over 20 years of
experience in designing and implementing student administration systems. Harry Piccariello
(harry.piccariello@contentguard.com) is convener of the ISO/IEC JTC1 Working Group on Digital Rights Expression
Languages. Robby Robson (rrobson@eduworks.com) is president of Eduworks Corporation, Chair of the IEEE
Learning Technology Standards Committee and director of the National Digital Science Library Reusable Learning
project.
 1 The Digital Rights Management Challenge
In the education community learning content is created and managed in a complex and
changing environment. Institutions and organizations are building digital repositories of
learning objects and other content [25, 28, 30, 31]. These repositories are federating with
each other and are providing widespread access in ways that make it difficult to know who
or how their content and services are being used.

Nor are the processes of creating, delivering and using content simple or linear. Content
goes through a life cycle during which multiple authors may be associated with any piece of
content, and content may be distributed through multiple channels, modified several times,
and used in many different ways for teaching and learning.

These developments require a careful examination of the requirements and methods for
managing intellectual property rights using information and communication technology, in
other words, for Digital Rights Management (DRM2).

Protection is not the only goal

DRM is often thought of as the ability to prevent consumers from accessing or distributing
digital content without authorization3. This ‘retail’ view of DRM is based on a model where
content is published by a single source and is ultimately consumed by users who do not
modify the content.

Although commercial licensing is an important market mechanism that is used by for-profit

publishers in education, it is not the only model of intellectual property management. Nor is
protection against unauthorized use the only capability that must be supported by a digital
rights management ecosystem. Educational and research activities require policies,
standards and technologies that support the sharing and reuse of learning resources, rather
than limiting that sharing and reuse [41]. Effective rights management is needed to enable
sharing while respecting the conditions and requirements that rights holders have
associated with their content. Digital Rights Management must act as an enabling
technology, not just a controlling technology.

Rights management includes tracking and attribution

The goal of many content authors in academia is to share their intellectual property as
widely as possible while receiving appropriate attribution whenever and wherever their
works are used. In addition, many repositories and content providers want usage data, for
evaluation purposes as well as for determining costs associated with distribution licenses.

Currently, attribution is enforced by professional norms within the academic community and
usage is typically tracked and reported by distributors (such as bookstores) that have a
direct relation with their content providers (such as publishers). This model does not meet
all the requirements of distributed network environments.

2
In this white paper DRM refers to the management of intellectual property rights using digital methods.
3
For example, the book publisher South-Western [50] defines DRM systems as those that “help protect the
copyright of materials by defining how the content can be used. These rights are determined by the publishers.”

Page 1 Collier, Piccariello, Robson

 Rights must persist in a distributed network

The IT infrastructures of universities provide access control and security within their
organizational confines. These capabilities can be used to enable and control the use of
documents and other files stored and used within these boundaries. However, content
sharing in academia crosses the boundaries of technology environments and organizations
to form highly distributed systems that can span the globe. Content may be distributed to
any number of delivery media, platforms or environments.

Therefore, the technology used to express and enforce the terms and conditions associated
with digital content must be ‘persistent’ in the sense that it must be available whenever and
wherever the content is accessed, distributed or used.

Standards and models are needed

It is not feasible to use ad-hoc or proprietary methods for managing the intellectual
property rights associated with so much content from so many sources. Standardized and
automated methods are needed for expressing, transmitting, interpreting and enforcing
rights. Similarly, a model is needed to assist organizations in analyzing their particular
requirements and formulating or selecting policy and technology solutions.

The next section of this white paper puts forward such a model. It identifies the components
and processes that make up a digital rights management ecosystem in the education
community. The model is intended to provide a structured framework for analyzing DRM
scenarios, requirements, roles and technology options. The output from the model is a
structured analysis of DRM requirements, current and potential solutions, and the
identification of gaps and issues in supporting these requirements.

In Section 3 the model is applied to specific scenarios representative of current reality in the
academic community. The scenarios demonstrate how the model can be used to structure
an analysis of digital rights management, identifying gaps and what is needed to fill those
gaps. Section 4 addresses the process of preparing for automated DRM, walking through the
components of the ecosystem model and pointing out some of the more important issues
raised.

2 A Digital Rights Management Ecosystem4 Model

The DRM ecosystem model presented in this paper contains the following components:

A Rights Management Environment – Rights management takes place in an

environment composed of the law, policy, practice, market mechanisms, organizations,
roles, and expectations of the community. This environment sets the context, expectations
and goals of any rights management implementation.

Actors – Rights apply to people and organizations, not to technology. Any implementation
of rights management must identify the key actors and keep them firmly in mind. In our
analysis, these are included as part of the environmental factors.

4
An ecosystem is “a system formed by the interaction of a community of organisms with their physical
environment” [15]. The term is used in this paper to emphasize the need to look at the wider context in which an
institution operates when examining DRM issues.

Page 2 Collier, Piccariello, Robson

A Content Life Cycle – Digital rights management exists within the larger context of
content management. Processes related to the creation, distribution, acquisition and use of
content - the content life cycle – form the underlying structure of which DRM is part.

Tools and Applications – Content is created, distributed, acquired and used via software
that includes authoring tools, content repositories, learning management environments and
personal computing environments. Rights management affects all these tools and
applications.

Rights Management Processes – The model organizes rights management processes into
four major categories: Defining rights, distributing / acquiring rights, enforcing rights, and
tracking usage. These are the processes that must be supported in a DRM ecosystem.

Standards and Services – Rights management makes use of services provided by an

enterprise infrastructure and places its own demands for new standards and services. If the
rights management environment provides the human context for DRM, then standards and
services provide the technological context.

Figure 1

Page 3 Collier, Piccariello, Robson

 3 Applying the Model
The above diagram captures the components of this DRM Ecosystem model and shows how
rights flow through the ecosystem. It depicts some of the specific actors, applications,
standards and services that are relevant to the education community. Individual
components will be discussed further in Section 4. In this section the model is used to
analyze the rights management components of a given ecosystem. The steps involved are:

1. Identify environmental factors that affect rights management, including:

a. Market models
b. The legal and policy context
c. Important actors (organizations and people) and roles
d. Expectations for the management of rights

2. Identify the content lifecycle(s) in the scenario.

3. Identify where and how rights should be

a. Defined
b. Acquired and distributed
c. Enforced

4. Identify where and how usage should be tracked.

5. Identify what services are required for 3 & 4.

6. Identify what services are provided by existing technology.

7. Identify what functionality gaps need to be filled and what approaches are realistic.

This process will be illustrated using four scenarios.

3.1 Scenario 1 - Commercial Content

The first scenario is a straightforward one in which a college bookstore acquires online
“course packs” from a textbook publisher. The course packs complement and support the
textbook being used for a particular course. Course packs are loaded directly into a campus
Course Management System through which students access them.

Analysis

1. Environmental Factors

a. Market models. The market model in this scenario is a consumer model in

which a rights holder (the publisher) distributes content (the course packs) to a
consumer (the student) in exchange for money. The college bookstore is acting
as a distributor that buys the content from the publisher and sells it to the
consumer.

b. Legal and Policy Context. As with all scenarios that will be examined, copyright
and other applicable laws form the legal context. Depending on the country or

Page 4 Collier, Piccariello, Robson

 countries in which the transactions take place, different laws may apply. In
countries with laws similar to the United States, the publisher is most likely the
rights holder and is selling licenses that permit the content to be distributed and
used in certain ways. This is no different than selling books, videos or DVD’s. If
some of the content is copy protected or prevents printing, then the Digital
Millennium Copyright Act [51] may apply, making it illegal for students (or
anyone else) to circumvent that protection.

c. Important actors (organizations and people) and roles. Important actors in

this scenario include:

ƒ The publisher of the course packs

ƒ The college bookstore
ƒ Faculty and instructors who assign the content
ƒ Students who use the content

d. Expectations for the management of rights. The publisher expects

contractual arrangements between it and the bookstore to be enforced and
access to course packs to be restricted to students who have bought the text or
the course pack supplement. The publisher may require that usage be tracked so
that it knows how many units have been sold and the bookstore may want to
track usage as part of its inventory control system. To protect its business model
the publisher would also like the contents of course packs to be protected from
unauthorized modification, replication or distribution.

2. Content Lifecycle

In this scenario the content (course packs) enters the college ecosystem from an
external but controlled source (the publisher). It is distributed via a Course
Management System and is “consumed” by the student. This is simple linear
distribution chain in which no modification of content takes place.

3. Rights

a. Definition of Rights. In this scenario rights are defined through existing law
and through a contract. This works because the publisher and the college
bookstore are trusted partners who negotiate a contract directly with each other.
The course packs are only made available only after a relationship is established
and contracts are in place.

b. Acquisition and Distribution of Rights. Students acquire rights from the

publisher by purchasing a textbook or by separately purchasing a license for the
course pack. The college bookstore school acts as an intermediary who
distributes the rights to the students and also acquires distribution rights from
the publisher.

c. Enforcement. There are three places in this scenario where rights might be
enforced.

ƒ The publisher might rescind distribution rights if the bookstore does not meet
required terms and conditions.
ƒ The Course Management System could enforce rights by denying students
access to the course pack if access is not authorized.

Page 5 Collier, Piccariello, Robson

 ƒ The content in the course packs may include intrinsic protection that prevents
it from being copied or altered. It might also be encrypted in a way that
requires a student to enter a key before the content can be displayed.

4. Usage Tracking

If usage tracking is a requirement, then it will be tracked either by the Course

Management System when the course packs are used or by the bookstore when the
course pack licenses and textbooks are sold.

5. Services Required

The services potentially required in this scenario include:

ƒ Content Protection (copy protection or encryption)

ƒ Authentication and authorization services
ƒ Financial services (to handle fees and licenses)
ƒ Usage tracking and reporting services

6. Services Provided by Existing Technology

Course Management Systems provide authentication and authorization services.

Sometimes these are integrated into larger institutional authentication services. If
access is granted by course or by section, this type of authentication and
authorization is sufficient.

Financial and usage tracking services associated with selling text books and course
pack licenses are already in place and being used.

Copy protection requires “rights enabled” software. Some document formats (such
as PDF) can be more easily copy protected than others. Copy protection can be
“hacked,” but the Digital Millennium Copyright Act makes this a federal offense in the
United States.

7. Gaps / Future Technology

The rights management required by this scenario is not significantly different than
that required for traditional sales of books or media. The sticky points are:

ƒ Course Management Systems may not be able to conveniently handle access

control based on anything more than membership in a particular class or
section. Mechanisms are needed to provide access based on external factors
such as the possession of a license.

ƒ Copy protection depends on developing technologies that have not been fine-
tuned. Ideally students should be able to legally and conveniently make
backup copies of content accessed through Course Management Systems but
prevented from distributing copies.

ƒ There is no persistence of rights management once content is copied into the

student’s personal computing environment. The rights associated with the
content are not expressed in a way that can be interpreted and enforced by
personal computing technology from other vendors.

Page 6 Collier, Piccariello, Robson

3.2 Scenario 2 – Sharing a Faculty-Developed Test Bank5

A professor has developed a bank of interactive test questions. Funding for the project was
received from the National Science Foundation (NSF) and in return the professor promised
to (a) make the question bank available to any faculty member at any accredited university
or college and (b) report the usage of the test bank to the NSF.

The test bank can be downloaded in the form of an executable file. With some technical
expertise, this file can be used to make questions available on a course Web site or used to
load questions into a Course Management System. The professor makes the executable file
available on her own Web site and also gives a copy to her university’s library, where it
become part of a searchable institutional repository.

Analysis

1. Environmental Factors

a. Market models. In this scenario, attribution and contributions to the community

translate into funding, promotion and other personal rewards for the author. The
rights holder does not expect the content to be sold. Should a commercial
content provider wish to sell or distribute the test bank, a new market model
would come into play.

b. Legal and Policy Context. Copyright [52] and other applicable laws form the
legal basis for rights management. Although funding for the test bank came from
the NSF, the NSF does not claim any intellectual property rights. Therefore the
rights holder is either the professor or the professor’s institution (or some
combination), depending on the terms of the professor’s employment. In
practice, the professor is either the rights holder or acts as the prime agent for
the rights holder.

Policies (or legislation) about privacy, record keeping etc. could affect rights
management in this scenario. Despite the fact the professor wants to collect data
on the usage and results of her test questions, this data may be confidential.

c. Important actors (organizations and people) and roles. Important actors in

this scenario include:

ƒ The professor
ƒ Faculty and students at other institutions
ƒ The library at the professor’s institution
ƒ The National Science Foundation

d. Expectations for the management of rights. The professor expects that

attribution will be given whenever her questions are used and that usage data
will be returned to her. The professor does not expect the content to be sold or
commercially distributed, and does not wish the test bank questions to be
modified without her permission.

5
This scenario was proposed by Gerd Kortemeyer as part of an interactive presentation on DRM at the NLII 2004
Annual Meeting, and was analyzed through a role playing process during that presentation. Gerd is the Director of
the Michigan State University Laboratory for Instructional Technology in Education [24].

Page 7 Collier, Piccariello, Robson

 The professor also expects that faculty will assign questions and that students
will use them. She does not want students to have access to her questions other
than as part of a course.

2. Content Lifecycle.

The question bank was created by the professor in her own personal computing
environment. She distributed it to her own Web site and to the university library.
Faculty members download the associated executable file from her Web site or from
her institution’s repository. The file allows questions to be incorporated into class
Web sites or loaded into a Course Management Systems. Students interact with the
quizzes through these sources.

Some faculty members who use the questions want to make additions and changes.
To do so they must contact the authoring professor for permission and to obtain the
source code for modification.

3. Rights

a. Definition of Rights. This is an example of a distributed use model where the

partners are not known to each other in advance. Access to content (the
interactive questions) is governed by roles (professor or student). Rights may be
explicitly defined by statements incorporated into the content (e.g. a license
agreement), by a statement on the professor’s Web site or by a statement
associated to the question banks in the library’s institutional repository.

b. Acquisition and Distribution of Rights. Faculty members acquire usage and

distribution rights when they download the executable file for the question bank.
Students acquire rights when they use questions through a course Web site or
Course Management System. These rights must reflect the distribution rights
originally granted by the authoring professor: faculty members do not have the
right to modify the questions without permission and students do not have the
right to access the executable file or (implicitly) to distribute and share questions.

c. Enforcement. The ban on modification of the executable file is enforced by its

format – without the source code it cannot be edited – but an authentication and
authorization system is needed to prevent students from accessing the
executable file. This system must be in place on the authoring professor’s Web
site and in her institution’s repository. If a faculty member downloads the
executable file, it becomes that person’s responsibility to enforce distribution
restrictions. Moreover, some type of copy/print protection is needed to prevent
students from distributing copies of quiz questions. Those protections could be
provided within the content (put there by the author) or enabled by the systems
used to deliver the quiz questions, e.g. a Course Management System.

4. Usage Tracking

The authoring professor wants the usage of questions reported back to her. She may
have to settle for download statistics from her Web site and from her institution’s
library repository, but she would prefer to receive data back from faculty members
who deploy her questions. This requires tracking at the point of consumption,
meaning when students use the quiz questions.

Page 8 Collier, Piccariello, Robson

 5. Service Required

The professor’s Web site and her library repository require authentication and
authorization services to restrict access to the full question set to faculty at
accredited educational institutions. Course Web sites and course management
systems require authentication and authorization to restrict access to students
enrolled in the course and possibly as part of the effort to prevent unauthorized re-
distribution of the quiz questions. Copy and print protection is required as discussed
above.

Regardless of how rights are enforced in this scenario, they need to be expressed so
that faculty members understand the terms of use (e.g. that reporting usage data is
a condition for using the questions). If copy protection is to be implemented by
systems delivering the quiz questions, then those systems must know that the
questions are to be copy protected. The service required is a rights expression
service that expresses rights, terms and conditions in a standardized way.

6. Services Provided by Existing Technology

Authentication and authorization services are provided by library repository systems.

Systems like Shibboleth can provide trusted authentication across cooperating
institutions. Downloads and usage statistics can be tracked using existing logging
and reporting technology, and files in certain formats can be intrinsically copy/print
protected.

7. Gaps / Future Technology

If the authoring professor disseminates her work through a typical personal or

departmental Web site, it is unlikely to provide the needed authentication services.
Furthermore, there is nothing to prevent a faculty member from downloading the
executable file and intentionally or unintentionally granting access to students. If
formats such as HTML are used for the quiz questions, copy and print protection is
not available.

These gaps illustrate the need for a rights management methodology that associates
rights with content in a way that travels with the content as it is distributed and re-
distributed. Systems that can read, interpret and act upon standard rights
expressions may fill this need, as illustrated by projects like the Australian COLIS
project [4,9].

3.3 Scenario 3 – Community College Use of Video Materials6

A Community College history instructor has purchased a set of videos of the PBS series “The
Civil War” by Ken Burns and wishes to make a number of scenes available online so
students in his class can view them while working on a term paper. The community college
has a media server that is capable of streaming digitized extracts of this video to students.

6
This scenario comes from [40].

Page 9 Collier, Piccariello, Robson

 Analysis

1. Environmental Factors

a. Market models. The initial purchase by the professor follows a consumer model
where PBS distributes content to the instructor in exchange for payment. The
market model relevant to the class, however, is one where content is provided by
an educational institution in exchange for tuition. Even though PBS has a public
service component, there is a discontinuity in the market models under which the
video was acquired and under which portions are distributed.

b. Legal and Policy Context. The scenario described is precisely the type of
situation envisioned by the TEACH Act7. Prior to enactment of the TEACH Act,
online distribution of “displays and performances” (as a video is called in legal
terminology) was not allowed. The TEACH Act makes this possible, albeit with
numerous restrictions and requirements. In this scenario the Act requires that:

ƒ The community college have a copyright protection and rights management

policy in place and that staff (including the history instructor) be made aware
of the policy.

ƒ If The Civil War is available in digitized form, the community college must
purchase it. Converting video to streaming media is allowed only if there is no
alternative source of digitized content.

ƒ The digitized versions of the scenes from The Civil War must be maintained in
a way that reasonably prevents their use by anyone other than intended
recipients, and that prevents use for any longer than is necessary for the
students to complete their class assignment.

ƒ A copyright notice must be displayed to students.

ƒ The content must be protected in a way that technologically prevents

students from obtaining local copies that could be re-distributed or used past
the time period needed for the class assignment.

c. Important actors (organizations and people) and roles.

ƒ The content publisher (PBS)

ƒ The instructor
ƒ The organization on campus that manages the server where the content will
be hosted and served
ƒ Students taking the history course

d. Expectations for the management of rights. PBS expects that its intellectual
property will used in accordance with U.S. law [52], including the TEACH act. The
community college administration expects that faculty and staff will follow
institutional policies with regard to intellectual property rights.

7
Technology, Education And Copyright Harmonization Act [40,53].

Page 10 Collier, Piccariello, Robson

 2. Content Lifecycle

The Civil War video was produced by PBS and purchased by the instructor. If a
digitized version is available, this digitized copy must be purchased by the
community college. The video will then be loaded to the server by the community
college’s technical staff and viewed by the students who are enrolled in the history
course.

3. Rights

a. Definition of Rights. Rights are defined by PBS at the time the video is
published and sold. However, U.S. Copyright law, in particular the TEACH Act,
also grants certain usage and distribution rights with associated conditions.

b. Acquisition and Distribution of Rights. The instructor acquired a license when

buying the video. This license most likely does not permit public displays or re-
broadcasting. However, the TEACH Act does permit the instructor to display
portions of the video online for a class. Thus the right to use the video as
envisioned may be viewed as having been acquired at the point of purchase as
well.

Students acquire rights to see the portions of the video when they enroll in the
class, and these rights are distributed by the community college. The rights
distributed to the students are severely restricted and do not include the right to
redistribute content or even to retain content past the end of the period during
which they are authorized to see it.

c. Enforcement. There are numerous points in this scenario where rights need to
be enforced. The original license purchased by the instructor (as part of buying
the video) undoubtedly forbids copying and redistribution. If any technological
protection is used, as might be the case with some newer digital formats, the
Digital Copyright Millennium Act makes it illegal to defeat (or “hack”) the
protection. Even without protection, the community college will be very reluctant
to put a copy on its media server in violation of copyright law: the threat of
litigation sufficiently outweighs the cost of compliance, which in this case may
mean buying a digitized copy. Once the video (or portions of the video) are on
the media server, the TEACH Act requires that access be restricted to students
enrolled in a class that is using it and that it not be made available for any longer
than necessary. These restrictions might be enforced by the media server or by a
course management system (or class Web site) through which the video is
accessed. Downloading, at least in a form that can be retained or distributed,
must also be prevented. Without more sophisticated services that express and
enforce licenses, the most plausible way to do that is to use a format that cannot
be converted to a local copy.

4. Usage Tracking

The community college is not required by law to track usage, but they presumably
may be called upon to demonstrate that content used under the TEACH Act is only
accessible by enrolled students and cannot be downloaded. The community college
may wish to track usage for other reasons, such as generating statistics for internal
budgeting purposes and the instructor may wish to track usage to see how the video
is being used.

Page 11 Collier, Piccariello, Robson

 5. Service Required

Authentication and authorization services are needed to restrict access to students

who are legitimately enrolled in the history course. Content protection (copy
protection and / or encryption) are needed to prevent unauthorized copying and use
of the content. Usage tracking is desirable.

6. Services Provided by Existing Technology

Course Management Systems provide most of the authorization and authentication

services needed in this scenario. To meet the TEACH act restrictions, the system
must restrict access to enrolled students, and limit that access to the times when the
content is needed for class purposes. Streaming media can prevent copies from
being made. This technology is available today.

7. Gaps / Future Technology

The basic TEACH Act requirements can be met with existing technology. However,
there are still gaps. For example, there is very little extant technology that allows a
document to be copied but not distributed or that allows a document to be viewed
only during a specific time period. Moreover, access to resources in Course
Management Systems is generally set up by instructors, adding another
administrative duty to people whose primary job is teaching.

As with the previous scenario, what is needed is a way of associating rights directly
with content and relying on systems (such as Course Management Systems) to
interpret and enforce these rights, rather than programming the rights into the
systems via access control.

3.4 Scenario 4 - Rights Management for Catalog Records8

A digital library reviews and maintains catalog records of material for K-12 mathematics and
science teaching. The materials come from a variety of sources including

ƒ Individual authors or schools

ƒ Commercial publishers
ƒ Educational outreach programs sponsored by agencies such as NASA
ƒ Educational programs produced by public and commercial television
ƒ Catalog records from other educationally oriented digital libraries

The records maintained by the digital library point to original sources from the material;
with rare exceptions the digital library does not “house” any content itself.

Teachers, students and school districts use the digital library to find professional
development material for teachers and content for students. The content is used in both
purely online and traditional classroom settings. The digital library provides an interface that
permits users to find content based on keywords, subject classifications, grade levels,
articulation with curriculum standards, technical requirements and many other

8
This scenario is a real-life scenario based on issues faced by the Eisenhower National Clearinghouse
(www.enc.org). For an example of an ENC record, see
http://www.enc.org/resources/records/full/0,1240,025708,00.shtm

Page 12 Collier, Piccariello, Robson

characteristics. In addition, the digital library allows other digital libraries to “harvest” its
catalog records, just as it harvests records from them.

The digital library employs professional catalogers to review all materials in the library, to
create summary descriptions of the material, and to generate the information needed for
searches. This information is called metadata and it constitutes valuable intellectual
property that the digital library has generated through the application of their resources. If
teachers, parents and students know that a review or classification came from this
particular digital library, they can assume that it is authoritative and accurate.

The digital library faces two rights management challenges:

ƒ The digital library would like users to be able to specify terms of use (such as
“no fee”) when searching its catalog, and to see rights information in a
standard structure and format when catalog records are found.

ƒ The digital library would like to appropriately protect its own intellectual
property (the metadata records) in order to maintain “branding” and prevent
misuse or misrepresentation of the reviews and metadata it has created.

Analysis

1. Environmental Factors

a. Market models. The content cataloged in the digital library comes from a
variety of sources – commercial, private, publicly funded and academic. These all
use different market models, but the digital library is acting only as a means to
find and evaluate resources. In the scenario as written, the business model (and
therefore the market model) for the digital library itself is not specified, but in
fact it is supported by a combination of federal funds, federal grants and
contracts with state or multi-state educational agencies. The metadata records
created by the digital library can be used by other digital libraries at no fee,
provided that appropriate branding and attribution are retained when these
records are re-used.

b. Legal and Policy Context. The policy of the digital library allows for content of
all types to be cataloged in the library, regardless of the terms of use associated
with that content. The digital library is also subject to reporting requirements
and other policies that result from the method through which it is funded. These,
together with overarching copyright and intellectual property rights laws, form
the context in which the library must operate.

c. Important actors (organizations and people) and roles.

ƒ The digital library organization

ƒ Authors and publishers of cataloged content
ƒ Education administrators, teachers, parents and students who use the library
ƒ Other digital libraries that share metadata records

d. Expectations for the management of rights. The digital library expects that
its users will be able to see and interpret the digital rights associated with the
content it catalogs. The digital library does not expect to be involved in enforcing
digital rights on behalf of others, but it does not wish to interfere with rights

Page 13 Collier, Piccariello, Robson

 enforcement. The library expects to receive proper attribution and branding when
others use its own metadata records and would like to have as much data as
possible on how they are being used.

2. Content Lifecycle

The digital library provides the “find” function in the content lifecycle and therefore
plays an important role in distribution and acquisition of content. It is also involved
in the authoring and production of content, but only for its own metadata records.

3. Rights

a. Definition of Rights.

ƒ Rights for the content cataloged by the digital library are defined externally to
the digital library. Primarily, they are defined when the content is authored or
published. However, the digital library might catalog content from another
digital library or from an online distributor of educational material. In that
case rights might be defined (or expressed) by an organization that is one or
two steps removed from the source of the content.
ƒ Rights for the digital library’s catalog records are defined when they are
created and stored in the library.

b. Acquisition and Distribution of Rights.

ƒ The digital library would like to interpret and display rights information as part
of its catalog records and would like to permit users to search for resources
with specific rights attributes (e.g. that are cost-free). However, as with the
content it catalogs, the digital library does not want to be involved in the
actual acquisition or distribution of rights.
ƒ The digital library would like to properly distribute (and control the
distribution of) rights to its own catalog records. For example, it would like
ensure that they can be widely used but that it receives attribution and usage
data in exchange.

c. Enforcement.

ƒ The digital library does not enforce rights for the resources it catalogs.
However, those resources might have associated rights that affect the way in
which the digital library can catalog them. For example the associated terms
of use may forbid “deep linking.9”
ƒ The digital library would like attribution and usage rights for its own
intellectual property (its catalog records) to be enforced when they are
accessed, either directly or through a different digital library that has
“harvested” the records.

4. Usage Tracking

Usage tracking is desirable so the digital library can analyze and report on usage and
impact as part of its justification for continued public funding.

9
See http://fairuse.stanford.edu/Copyright_and_Fair_Use_Overview/chapter6/6-c.html for a discussion.

Page 14 Collier, Piccariello, Robson

 5. Services Required

The digital library needs a service that will allow it and its users to display and
interpret rights associated with content that comes through a variety of channels.

Another required service is one that permits the digital library to uniquely identify
objects (to avoid duplication in its catalog) and that ensures that links are up-to-date
and function properly (so that users can access the content described in catalog).
These services are often combined and called “persistent unique identifiers.”

The digital library also desires a usage tracking service that will return data even
when its catalog records have been accessed through a source that is several steps
removed. For example, a catalog record from the digital library in the scenario might
be harvested by a second digital library that maintains a catalog of educational
mathematical resources. A school district might then find the record through this
second digital library and place it in a resource section of its Web site. When a
teacher uses the district’s version of the catalog to retrieve content for classroom
use, the desired tracking service would report this back to the digital library that
originally created the record.

6. Services Provided by Existing Technology

In practice, the services do not exist today to support DRM in the distributed digital
library ecosystem described above.

7. Gaps / Future Technology

Standards and technology are emerging for persistent unique identifiers based on
registries and handle systems [11,19,20, and 32] and for rights expressions that can
be read by humans and processed automatically by computers [21, 33, 54].
Persistent unique identifiers are needed for tracking and reporting and standardized
rights expressions are needed to manage rights across distributed and federated
networks of information sources.

4 Implementing DRM in an Ecosystem

As has been illustrated, the ecosystem model presented in Figure 1 can be used to analyze
how rights are managed and what gaps need to be filled in particular scenarios. This section
walks through the components of the Ecosystem one at a time, pointing out where policies
need to be set and what technology should be considered in contemplation of implementing
rights management in a real-world ecosystem.

4.1 The Rights Management Environment

A DRM ecosystem for education operates within a particular set of environmental conditions,
composed of the law, policy, practice, market mechanisms, organizations, people with roles,
and expectations of the education community. Recognizing and understanding these is the
first step in a successful DRM implementation.

Page 15 Collier, Piccariello, Robson

Actors (People and Organizations)

DRM, often equated with content protection, has a reputation as serving the publishers and
vendors of content. In fact, it can and should serve a more diverse audience and it is of
paramount importance to identify the real customer(s) in any DRM implementation. This can
be complex and can lead to conflicting goals and measures of success, but it is necessary to
acknowledge and face this complexity.

Law

Copyright law grants creators of an original work certain rights to their creations. These
laws, which vary from country to country, establish the legal requirements and boundaries
within which the education community must operate. Laws can both support and inhibit the
management of intellectual property, but they cannot be ignored.

Market and Intellectual Property Management Models

Before a community can implement a rights management ecosystem, it must identify and
agree upon the underlying market and intellectual property management models that will be
in play. Market models might include retail and wholesale models, public funding models,
free distributions models, and federations and cartels. Property management models might
include centralized and decentralized control and client / server, distributed networks, and
peer-to-peer networks. Each model and management approach has commensurate rights
management and tracking requirements.

Rights and Conditions

Before selecting technology and services, a community must consider which specific rights,
permissions and conditions will be supported by an automated ecosystem. Examples of
specific rights are the right to: copy; print; modify; distribute; and use for commercial
purposes.

The community must also agree on the conditions that can be imposed and enforced by the
ecosystem in order to access these rights. Conditions can include things such as: payment
required; limitations on the number of times a work can be copied, read, printed or
redistributed; limitations on the time frame during which the rights can be exercised; and
specifying the attribution required if the work is quoted or re-used in any way.

Choosing the Right Problems to Solve

DRM will be of the most value in an environment where there are simple, small and frequent
transactions involving the use or exchange of intellectual property. If the transactions are
infrequent then automation is not cost effective. If the transactions are overly complex,
then automation may not be feasible. If the transactions are more suitably handled via
traditional negotiations and contracts, then automation is not called for. Not all types of
rights transactions are appropriate for automation.

As pointed out in the scenarios in the previous section, technology-based DRM is needed but
the technology is in a nascent state. An approach based on identifying one or two key
problems and trying to solve them with the best technology available is more likely to
succeed than either doing nothing while waiting for the technology to mature or
implementing everything in an attempt to solve all problems at once.

Page 16 Collier, Piccariello, Robson

4.2 Content Life Cycle

Digital rights management occurs in the larger context of content management. In making
decisions concerning rights management, it is important to determine how content is
managed and, in particular, which aspects of content management are relevant.

The following is a basic model of content management that can be used for this purpose.
More complete models of content life cycles and content management may be found in the
books and articles referenced at the end of this white paper. [3, 7, 9, 23, 44, 45]

Content Life Cycle and Rights Issues

Create
Author Create new content, from scratch or Rights are defined when content is
by modifying existing material created. Licensing policies and
Assemble Bring together works from one or supporting technology should be
more sources and assemble them into considered.
a coherent learning module.
Offer
Publish Prepare and issue content for public Rights should be published, cataloged
(or institutional) distribution. and distributed together with content.
Catalog Classify and record attributes of This may require preservation and
content. expression of rights data.
Distribute Distribute content to the targeted
users.
Acquire
Find Search for content and discover Rights information can be used as a
content that meets the search criteria. search criterion and rights must be
Acquire Acquire access to the content in the acquired before content can be used.
format needed to support the desired
use.

Use
Use Display, interact with and otherwise Rights determine whether and how
use content content may be used. Rights may be
enforced when content is used.
Figure 2

4.3 Tools and Applications Supporting the Content Life Cycle

The content life cycle is supported by software that falls into several product categories.
Rights management capability must be built into or work in concert with this software if
rights management is to be automated. It is therefore important for decision makers to
understand the various product categories and what the software provides10. This section
provides an overview of these tools.

10
Brandon-Hall publishes regular reports comparing features and functionality of products in various categories.
The executive summaries (usually available for free from [1]) provide definitions and explanations of various
e-Learning product categories. [5] and [26] also contains information of this type.

Page 17 Collier, Piccariello, Robson

Authoring and Assembly Tools

Authoring tools are used to create and modify content. They include general purpose
content authoring tools (such as Microsoft’s Word and PowerPoint, and Macromedia’s
Authorware, Dreamweaver and Flash), tools designed specifically for authoring learning
content (e.g. Trivantis Lectora, Toolbook, and ReadyGo), and tools for authoring online tests
(such as QuestionMark Perception).

Assembly tools are used to aggregate multiple pieces of content into meaningful learning
experiences with appropriate navigation paths between content objects. Content can be
assembled using an authoring tool or within a learning content management system or a
course management system.

Rights management begins in the authoring process. This is one place where rights and
licenses can be assigned to content, e.g. by explicitly defining rights associated with a new
or derived work. Authoring tools must also be able to interpret and potentially enforce
rights, e.g. by preventing existing content from being copied or edited.

Content Repositories

The term “content repository” covers a wide range of systems and services that store,
manage and give access to content and metadata. These include library systems, content
management systems, learning content management systems, digital asset management
systems, e-stores, and Web content management systems. Repositories can have built-in
search technology or rely on public search engines such as Google.

As content moves from author to student, it often passes through one or more content
repositories. If rights management is to be automated, the repositories must preserve,
process and transmit information about rights. Cataloging tools must handle rights
metadata, and interfaces to repositories may be called upon to enforce rights, for example
through a system of authentication and authorization.

It is useful to draw a distinction between internal repositories maintained by an institution

and external repositories from which content is brought into an ecosystem. If a repository is
“behind the firewall11,” a combination of password protection and access control (based on
the role of a user within an institution) form a rights management framework that works for
many existing purposes. When content is required to pass across the institutional boundary,
either as content provided to others or as content obtained externally, then rights must be
associated to content in a persistent way, as discussed in the earlier scenarios.

Learning Management Environments

Learning management environments are designed to organize and deliver structured

learning and to track a student’s progress towards learning goals.

Course Management Systems and Virtual Learning Environments are products that
instructors use to assemble online courses with syllabi, reading materials, chat rooms, email
lists, and tests. These products also maintain class lists and authenticate users.

11
“Behind the firewall” means that it is only accessible to authorized users from within an institution’s IT
environment.

Page 18 Collier, Piccariello, Robson

Learning Management Systems refer to products used to manage learner records and
learning resources, usually in corporate or government training environments. They keep
track of certifications, perform skill gap analyses, maintain a learning catalog, manage
classroom resources, handle financial transactions and deliver content. In the academic
space, the term “learning management system” is often used as a synonym for course
management system or virtual learning environment.

Learning management environments both access and serve as content repositories. As

pointed out in Scenario 3, the access control provided by course management systems
suffices for many, but not all, rights management purposes. The challenges mount when
they start interacting with external repositories.

Personal Computing Environments

Ultimately content is accessed through a personal computing environment on a workstation,

desktop, notebook or tablet computer or on a hand-held device. This environment includes
applications and functionality that enables content to be displayed, printed, copied, modified
and shared with others. Rights management can involve both the system that is providing
access to content (e.g. a Learning management environment) and the computing
environment itself. Inasmuch as the traditional approach to DRM has been one of protecting
content and enforcing this protection in the applications that could potentially print, copy,
distribute or display the content, DRM has heretofore been largely viewed as being enacted
in personal computing environments.

4.4 Rights Management Tools, Services and Standards

The DRM ecosystem model and the scenarios address four distinct aspects of rights
management: defining rights, distributing / acquiring rights, enforcing rights and tracking
usage. This section discusses some concepts, services and standards that are relevant to
the automation of these processes.

Licenses

A license is a legal vehicle for granting an individual or organization an explicit collection of

rights and conditions for the use or distribution of a copyrighted work. The expression or
codification of the rights and conditions granted is also called a license.

It seems impractical to expect a real-world DRM ecosystem to deal with complete range of
possible terms, conditions and licenses. It is therefore suggested that a community define a
few standard licenses that meet their needs, as is done by the Creative Commons [8]. This
suffices for most purposes and greatly simplifies implementation and adoption. Without
licenses, users may not be able to modify content for reuse and may not even be able to
use it all12.

Usage and Distribution Licenses

Licenses can only be granted by the owner or rights holder of a copyrighted work, but this
can occur directly or indirectly. Every time content changes hands, a new license is needed
to express the rights of the recipient. As the content is passed along, new sets of conditions
and permissions may come into play. For example, a publisher might attach a license to a
course pack for use on a PC that grants a school district the right to distribute the course

12
See the NSDL Reusable Learning Project Web site [42] for a discussion.

Page 19 Collier, Piccariello, Robson

pack, provided they pay a license fee and that no more than one thousand copies are made
in total. This is called a distribution license. When the district distributes the course packs to
individual schools or classes, it might create new licenses that allow a fixed number of
copies to be made but that does not have a payment condition. This is a second distribution
license. When a copy is downloaded to a student's computer, the right to make a copy
might be removed completely. The student receives a usage license.

Rights Expressions and Rights Expression Languages

A rights expression is a machine (and human) readable expression of what can be done with
content under what conditions. Licenses can be written using rights expressions. A rights
expression language is a grammar and vocabulary for expressing rights in a standardized
format13. Standardization is needed so that different components of an ecosystem can
communicate and uniformly interpret rights. The most widely recognized rights expression
languages14 are the MPEG-REL (Moving Pictures Expert Group – Rights Expression
Language) [21] and ODRL (Open Digital Rights Language) [33].

Persistence

Persistence refers to the ability of a rights expression or identifier to be retained as content

moves from one system to another. Persistence is an important underlying content that, as
the scenarios point out, becomes crucial in ecosystems that involved distributed networks.
Persistence can be achieved (for rights) by associating licenses with content using rights
expressions.

Persistent is not the same as constant. Different rights apply to different users, so different
usage licenses may be granted to different students in compliance with the same
distribution license. For example, a graduate student acting as an instructor may be granted
the right to annotate and re-distribute content, whereas a student enrolled in a class may
not be. Persistence includes the concept that rights can be defined, distributed and acquired
as content moves through an ecosystem.

Tracking (by Learning Management Environments)

In the learning technology world “tracking” refers to the ability of a delivery system such as
a learning management system or course management system to record data on test scores
and time spent in an activity. Standards such as SCORM [1] enable data of this form to be
communicated between content and a delivery system in a way that is initiated and
controlled by the content rather than by the system. This is necessary if the same content is
to run and exhibit the same behavior on multiple systems.

Encryption

Encryption is the process of encoding data so that only an intended recipient can read it.
Encryption plays a role in authentication and in data protection, both of which are used in
DRM.

13
The grammar may be considered as separate from the vocabulary. For example, in the MPEG REL standard, the
vocabulary is encoded in a rights data dictionary.
14
Educational requirements for Rights Expression Languages have been developed by the IEEE Learning
Technology Standards committee and mapped to MPEG-REL and ODRL [17]. An extension to the MPEG-REL, based
on this work, is being developed by an ISO committee [46].

Page 20 Collier, Piccariello, Robson

Authentication and Authorization Services

Authentication is the process of establishing the identity of a user. Enterprise systems

typically rely on one or more services to do this. Increasingly, institutions are implementing
“single sign on,” which means that users authenticate once, and do not have to provide a
login ID and password (i.e. do not have to authenticate) each time they access a new
system.

Authorization is the process of determining what a user is permitted to do. Authentication is

often the first step.

Single sign on does not solve the problem of authenticating when accessing external
content. Shibboleth [18] addresses this problem by providing a way for one institution to
obtain authority from a trusted partner institution. The Open Knowledge Initiative [34] also
addresses authentication and authorization, providing a standardized way for educational
applications to access institutional services.

In existing rights management frameworks, users are typically authorized to perform

certain actions with content based on their roles within an institution or course (student,
auditor, professor, teaching assistant, etc.). A user’s role is determined on the basis of
established identity (authentication) and then used to determine what the user may do
(authorization). Alternatively, authorities are assigned directly to users, for example by a
trusted partner institution using Shibboleth.

This entire approach is sometimes called role-based authorization. The difficulty with it is
that the permissions are associated with users, not with content. Typically, access is the
only permission that is effectively managed through role-based authorization and even that
involves placing content into a particular area of a repository or associating with a particular
course within a learning management environment. Role-based authorization has difficulty
addressing distribution rights, attribution requirements, and copy protection. It also requires
human intervention to put content in the appropriate location as it moves from one part of
an ecosystem to the next. A lot can be done with role-based authorization, but its
limitations should be recognized.

Persistent Unique Identifiers and Registries

Persistence throughout and across ecosystems depends in part on the ability to uniquely
identify content. Several systems have been proposed for this, many of which involve
handles and registries. A registry is a single, stable location that stores information on
content, including the location from which it can be accessed. A handle is a pointer to a
registry that includes an identifier provided by the registry for a registered piece of content.
This system provides identifiers that are more dependable than direct pointers to content,
i.e. than URL’s. If content providers use a registry, it also provides a means to resolve
redundant references. Registries can potentially associate metadata with content, including
rights metadata.

A number of persistent unique identifier initiatives are underway. The most widely known is
the Digital Object Identifier system [11, 47, 48]. The Advanced Distributed Learning
initiative has plans to create registry systems for learning objects [22].

Page 21 Collier, Piccariello, Robson

License Registry

A license registry is a place where licenses may be registered, permanently stored and
readily accessed. A license registry could be used to associate licenses with content. The
Creative Commons [8] offers an example. Any user can register creative commons licenses
on the site. License registries are another means to associate rights to content in a
persistent fashion.

Financial and Other Services

In the corporate world, learning management systems integrate with financial systems,
human resources systems, and other “enterprise systems” to manage access to content
based on departmental charge-backs, user fees, manager permissions and other factors.
The market models that underlie a DRM ecosystem can necessitate using these types of
services in the educational world as well.

5 Conclusion
Digital rights management – the management of intellectual property rights through using
digital technology - is needed for the development of the knowledge economy in education
[29, 41]. It is needed to promote knowledge sharing as much as it is to protect content
from unauthorized use.

The ecosystem model presented in this white paper provides a structure for clarifying DRM
requirements, identifying what technology is involved and what gaps still exist. Applying the
model is a valuable first step in understanding the challenges and opportunities faced by
any institution or organization contemplating a DRM implementation.

As one starts to apply the model, several things become apparent. First, rights management
can be very complex. Second, existing frameworks for digital rights management –
primarily using “role-based authorization” – have limitations, particularly in a distributed
network environment. This supports a movement towards “persistent” methods that
associate identifiers, rights and conditions directly to content. Third, the standards and
services required to implement persistent methods and to apply DRM to market models
other than a retail model are just starting to emerge. This presents implementers with the
dilemma of deciding what can be done in the real world today while managing the risks
associated with a changing environment.

DRM is a huge and complex subject that this white paper has attempted to consolidate into
a simple ecosystem model. But every box and arrow in the model presented in Figure 1 is
worthy of at least a chapter, if not a book, of its own. The references that follow include
books, articles, and Web sites that allow the subject to be explored more fully.

Page 22 Collier, Piccariello, Robson

 6 References
1. ADL (2004). Advanced Distributed Learning initiative, Sharable Content Object
Reference Model (SCORM). Available from the Web site http://www.adlnet.org

2. Brandon-Hall (2004). Publications listed on the Brandon-Hall Web site.

http://www.brandonhall.com/public/publications/index.htm.

3. Byrne, T. (2002). “The CMS Report”, CMS Works Inc., 3rd Edition, Autumn 2002.

4. COLIS (2004). Collaborative Online Learning and Information Services. Web site.
http://www.colis.mq.edu.au.

5. Collier, G.(2002). “eLearning Application Infrastructure”, Sun Microsystems, March

2002. http://www.sun.com/products-n-
solutions/edu/elearning/eLearning_Application_Infrastructure_wp.pdf

6. ContentGuard (2004). ContentGuard. Web site. http://www.contentguard.com

7. Cope, Bill and Freeman, Robin editors (2001). Digital Rights, Management and Content
Development, Common Ground Publishing, 2001

8. Creative Commons (2004). The Creative Commons. Web site.

http://www.creativecommons.org.

9. Dalziel, J. (2003). “The Learning Object Lifecycle”, Macquarie E-learning Centre of

Excellence, May 2003. www.melcoe.mq.edu.au

10. DMDsecure. Digital Media Distribution Secure. Web site. http://www.dmdsecure.com

11. DOI (2004). The Digital Object Identifier System. Web site. http://www.doi.org

12. Downes, Mourad, Piccariello & Robson (2003) “DRM in E-learning: Problem Statement
and Terms of Reference”, E-learn 2003 Proceedings.
www.eduworks.com/Documents/DRM in E-Learning.pdf

13. Giant Steps. (2004). References in the Giant Steps Bibliography.

http://www.giantstepsmts.com/drmbiblio.htm

14. Hulme, George (2003). “Who Needs to Know?” Information Week, June 9, 2003
www.informationweek.com/story/showArticle.jhtml?articleID=10300293

15. Hyperdictionary. (2004). Hyperdictionary. Web site. http://www.hyperdictionary.com

16. Iannella, Renato (2001). “Digital Rights Management (DRM) Architectures” D-Lib
Magazine, June 2001, Volume 7 Number 6.
http://www.dlib.org/dlib/june01/iannella/06iannella.html

17. IEEE LTSC (2004). IEEE Learning Technology Standards Committee. Web Site.
http://ltsc.ieee.org.

18. Internet2 (2004). The Shibboleth Project. Web site. http://shibboleth.internet2.edu

19. ISBN (2004). International Standard Book Number. Web site. http://www.isbn.org

20. ISSN (2004). International Standard Serial Number. Web site. http://www.issn.org

Page 23 Collier, Piccariello, Robson

21. ISO/IEC (2004). Information technology -- Multimedia framework (MPEG-21) - Part 5:
Rights Expression Language. ISO/IEC 21000-5:2004.
http://www.iso.ch/iso/en/CombinedQueryResult.CombinedQueryResult?queryString=21
000-5

22. Kraan, W. (2004). ADL to Make a “Repository SCORM.” Centre for Educational
Technology Interoperability Standards.
http://www.cetis.ac.uk/content2/20040219153041

23. Jennings, Tim (2002). “Defining the Document and Content Management Ecosystem,”
Butler Direct Limited, September 2002

24. LITE. (2004). Michigan State University Laboratory for Instructional Technology in
Education. Web site. http://www.lite.msu.edu

25. Lynch, C. (2003). Institutional Repositories: Essential Infrastructure for Scholarship in

the Digital Age. Association of Research Libraries. Monthly report 226. February 2003.
http://www.arl.org/newsltr/226/ir.html.

26. Masie Center (2002). ”Making Sense of Learning Specifications and Standards.” Second
edition, March 2002. http://www.masie.com/standards/S3_Guide.pdf.

27. McCullagh, Adrian and Caelli, William (2000). “Non-Repudiation in the Digital
Environment”, First Monday, volume 5, number 8, August 2000.
http://www.firstmonday.dk/issues/issue5_8/mccullagh/

28. NLII (2004). Educause National Learning Infrastructure Initiative, Learning Objects (NLII
2002–2003 Key Theme). Many references given.
http://www.educause.edu/nlii/keythemes/learningObjects.asp.

29. Norris, Mason, Robson, Lefrere & Collier. (2003). A Revolution in Knowledge Sharing.
Educause Review, September/October 2003, 38 (5), 14 – 26.

30. NSDL (2004). National Science Digital Library. Web site. http://www.nsdl.org

31. OAI (2004). Open Archives Initiative. Web site. http://www.openarchives.org

32. OCLC (2004). Persistent Uniform Resource Locator. Online Computer Library Center.
Web site. http://purl.oclc.org

33. ODRL (2004). Open Digital Rights Language Initiative. Web site. http://www.odrl.net

34. OKI (2004). The Open Knowledge Initiative. Web site. http://web.mit.edu/oki.

35. Overdrive (2004). Overdrive DRM Solutions. Web site.

http://www.overdrive.com/drm_solutions

36. Rehak, D. (2003). “A SCORM Roadmap: SCORM’s Technical Evolution” Presentation

from the Learning Systems Architecture Lab web site – www.lsal.cmu.edu

37. Rights Express (2004). Rights Express. Web site. http://www.rightsexpress.com

38. Robson, R. (2002). “The ‘Rights’ Stuff”, Techlearn presentation, November 2002

Page 24 Collier, Piccariello, Robson

39. Robson, R. (2003). “Digital Rights Management and Educational Content”, Eduworks,
workshop given at EdMedia June 23, 2003 - workshops.eduworks.com/EdMedia2003/

40. Robson, R. (2003). “The Teach Act and the MPEG Rights Expression Language”,
Eduworks, 2003 - http://www.xrml.org/reference/TEACH_REL_WP.pdf

41. Robson, Norris, Lefrere, Collier, & Mason. (2003) Share and Share Alike: The E-
Knowledge Transformation Comes to Campus. Educause Review, September/October
2003. Online only. http://www.educause.edu/ir/library/pdf/erm0351.pdf

42. Robson, Muramatsu & Collier (2004). The Reusable Learning Project. Web site.
http://www.resuablelearning.org.

43. Rosenblatt, Bill (1997). "The Digital Object Identifier: Solving the Dilemma of Copyright
Protection Online," in the Journal of Electronic Publishing (University of Michigan Press),
volume 3, issue 2, December 1997

44. Rosenblatt, Bill and Dykstra, Gail (2003). “Integrating Content Management with Digital
Rights Management,” Giantsteps Media Technology Strategies and Dykstra Research,
May 2003

45. Rosenblatt, Trippe and Mooney (2002). Digital Rights Management – Business and
Technology, M & T Books 2002

46. SC36 (2004). ISO/IEC JTC1 SC36 Working Group 4, Web Site.
http://mdlet.jtc1sc36.org/.

47. Scharf, Davida (2002). The DOI is coming: tracking digital information, Information
Outlook Magazine, Sept 2002.
http://www.findarticles.com/cf_dls/m0FWE/9_6/91913053/p1/article.jhtml

48. Slater, Jenny and Barker, Phil (2003). Unique Identifiers for Metadata Records, CETIS
(the Centre for Educational Technology Interoperability Standards, last modified
February 2003. http://metadata.cetis.ac.uk/guides/uids.doc

49. Ternier, Stefaan and Duval, Erik (2003). “Web services for the ARIADNE Knowledge Pool
System” Dept. Computerwetenschappen, Katholieke Universiteit Leuven, November
2003. http://rubens.cs.kuleuven.ac.be:8989/ariadne/CONF2003/papers/TER2003.pdf

50. Thomson Corporation. (2004). South-Western Book Division of Thomson Corporation:

eBook Glossary. http://www.swcollege.com/ebooks/glossary.html.

51. U.S. Copyright Office (1998). Digital Millennium Copyright Act (Summary).
http://www.copyright.gov/legislation/dmca.pdf

52. U.S. Copyright Office (2001). Copyright Law of the United States, Text Revised as of
July, 2001. http://www.copyright.gov/title17/

53. U.S. Copyright Office (2002). The TEACH Act Text.

http://www.copyright.gov/legislation/pl107-273.html#13301

54. XRML (2004). Extensible Rights Markup Language. Web site. http://www.xrml.org.

Page 25 Collier, Piccariello, Robson